Open Mucka opened 1 year ago
see #35. it seems CSD must be performed within openconnect-sso's flow and some of us have been successful in doing it that way, by sending back a previously captured flat text CSD response via openconnect-sso builds tweaked to support this.
I am not able to select host in Cisco AnyConnect Client, even if I unmatch "Block connections to untrusted servers". I tried to use /etc/hosts but warning message appears: "AnyConnect cannot confirm it is connected to your secure gateway. The local network may not be trustworthy." I tried to reroute VPN IP address using firewall NAT rules on router. But the same message appears : <
@Mucka I am not able to select host in Cisco AnyConnect Client...
it took me a sec to realize you're working on capturing your anyconnect hostscan response via the local proxy tool... it's been so long since i did that i don't remember why i wasn't prevented in the same way because that sounds like an obvious barrier to have in place... you could indeed be stuck... you could see if the hostscan file i shared in my readme is enough, there is nothing sensitive in there... you might get lucky... or maybe try an older version of anyconnect client that doesn't have that continuity check in place... i'm pretty sure i was running 4.9.06037
It took me a while, but I was able to obtain hostscan-bypass.sh. This issue helped, I had to create config.json with empty cert and add -c config.json to hostscan-bypass, then finally using router firewall NAT I had rewritten VPN IP address to local one and generated hostscan-bypass.sh! I manually converted this file to hostscan-data following your format and it is working! Thank you very much! I had used your fork!
@Mucka - very cool. way to persevere. and good on you for sharing your notes.
It's possible to get this working on linux-64 hosts also.
<error id="13" param1="" param2="">
Unable to complete connection: Cisco Secure Desktop not installed on the client
</error>
Also tried the hostscan-bypass method, created a PR to be able to do this.
Solved it with https://github.com/vlaci/openconnect-sso/pull/181
I am trying to connect to the VPN that requires CSD. Although the whole process goes perfectly (with --no-sandbox chromium engine flag), in the end the VPN refuses to connect because CSD fails. How should I enable CSD in openconnect?